2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* linux/mm/oom_kill.c
|
|
|
|
*
|
|
|
|
* Copyright (C) 1998,2000 Rik van Riel
|
|
|
|
* Thanks go out to Claus Fischer for some serious inspiration and
|
|
|
|
* for goading me into coding this file...
|
|
|
|
*
|
|
|
|
* The routines in this file are used to kill a process when
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
* we're seriously out of memory. This gets called from __alloc_pages()
|
|
|
|
* in mm/page_alloc.c when we really run out of memory.
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* Since we won't call these routines often (on a well-configured
|
|
|
|
* machine) this file will double as a 'coding guide' and a signpost
|
|
|
|
* for newbie kernel hackers. It features several pointers to major
|
|
|
|
* kernel subsystems and hints as to where to find out what things do.
|
|
|
|
*/
|
|
|
|
|
2006-10-20 14:28:32 +08:00
|
|
|
#include <linux/oom.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/mm.h>
|
2007-07-30 06:36:13 +08:00
|
|
|
#include <linux/err.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 16:04:11 +08:00
|
|
|
#include <linux/gfp.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/swap.h>
|
|
|
|
#include <linux/timex.h>
|
|
|
|
#include <linux/jiffies.h>
|
2005-09-07 06:18:13 +08:00
|
|
|
#include <linux/cpuset.h>
|
2006-09-26 14:31:20 +08:00
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/notifier.h>
|
2008-02-07 16:13:58 +08:00
|
|
|
#include <linux/memcontrol.h>
|
security: Fix setting of PF_SUPERPRIV by __capable()
Fix the setting of PF_SUPERPRIV by __capable() as it could corrupt the flags
the target process if that is not the current process and it is trying to
change its own flags in a different way at the same time.
__capable() is using neither atomic ops nor locking to protect t->flags. This
patch removes __capable() and introduces has_capability() that doesn't set
PF_SUPERPRIV on the process being queried.
This patch further splits security_ptrace() in two:
(1) security_ptrace_may_access(). This passes judgement on whether one
process may access another only (PTRACE_MODE_ATTACH for ptrace() and
PTRACE_MODE_READ for /proc), and takes a pointer to the child process.
current is the parent.
(2) security_ptrace_traceme(). This passes judgement on PTRACE_TRACEME only,
and takes only a pointer to the parent process. current is the child.
In Smack and commoncap, this uses has_capability() to determine whether
the parent will be permitted to use PTRACE_ATTACH if normal checks fail.
This does not set PF_SUPERPRIV.
Two of the instances of __capable() actually only act on current, and so have
been changed to calls to capable().
Of the places that were using __capable():
(1) The OOM killer calls __capable() thrice when weighing the killability of a
process. All of these now use has_capability().
(2) cap_ptrace() and smack_ptrace() were using __capable() to check to see
whether the parent was allowed to trace any process. As mentioned above,
these have been split. For PTRACE_ATTACH and /proc, capable() is now
used, and for PTRACE_TRACEME, has_capability() is used.
(3) cap_safe_nice() only ever saw current, so now uses capable().
(4) smack_setprocattr() rejected accesses to tasks other than current just
after calling __capable(), so the order of these two tests have been
switched and capable() is used instead.
(5) In smack_file_send_sigiotask(), we need to allow privileged processes to
receive SIGIO on files they're manipulating.
(6) In smack_task_wait(), we let a process wait for a privileged process,
whether or not the process doing the waiting is privileged.
I've tested this with the LTP SELinux and syscalls testscripts.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
2008-08-14 18:37:28 +08:00
|
|
|
#include <linux/security.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-06-23 17:03:13 +08:00
|
|
|
int sysctl_panic_on_oom;
|
2007-10-17 14:25:56 +08:00
|
|
|
int sysctl_oom_kill_allocating_task;
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
int sysctl_oom_dump_tasks;
|
2009-01-07 06:39:00 +08:00
|
|
|
static DEFINE_SPINLOCK(zone_scan_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
/* #define DEBUG */
|
|
|
|
|
2009-09-22 08:03:14 +08:00
|
|
|
/*
|
|
|
|
* Is all threads of the target process nodes overlap ours?
|
|
|
|
*/
|
|
|
|
static int has_intersects_mems_allowed(struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
struct task_struct *t;
|
|
|
|
|
|
|
|
t = tsk;
|
|
|
|
do {
|
|
|
|
if (cpuset_mems_allowed_intersects(current, t))
|
|
|
|
return 1;
|
|
|
|
t = next_thread(t);
|
|
|
|
} while (t != tsk);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/**
|
2006-06-23 17:03:13 +08:00
|
|
|
* badness - calculate a numeric value for how bad this task has been
|
2005-04-17 06:20:36 +08:00
|
|
|
* @p: task struct of which task we should calculate
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
* @uptime: current uptime in seconds
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* The formula used is relatively simple and documented inline in the
|
|
|
|
* function. The main rationale is that we want to select a good task
|
|
|
|
* to kill when we run out of memory.
|
|
|
|
*
|
|
|
|
* Good in this context means that:
|
|
|
|
* 1) we lose the minimum amount of work done
|
|
|
|
* 2) we recover a large amount of memory
|
|
|
|
* 3) we don't kill anything innocent of eating tons of memory
|
|
|
|
* 4) we want to kill the minimum amount of processes (one)
|
|
|
|
* 5) we try to kill the process the user expects us to kill, this
|
|
|
|
* algorithm has been meticulously tuned to meet the principle
|
|
|
|
* of least surprise ... (be careful when you change it)
|
|
|
|
*/
|
|
|
|
|
2008-04-28 17:13:35 +08:00
|
|
|
unsigned long badness(struct task_struct *p, unsigned long uptime)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-04-01 06:19:27 +08:00
|
|
|
unsigned long points, cpu_time, run_time;
|
2006-04-19 13:20:38 +08:00
|
|
|
struct mm_struct *mm;
|
|
|
|
struct task_struct *child;
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
int oom_adj = p->signal->oom_adj;
|
2009-09-22 08:03:14 +08:00
|
|
|
struct task_cputime task_time;
|
|
|
|
unsigned long utime;
|
|
|
|
unsigned long stime;
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
|
|
|
|
if (oom_adj == OOM_DISABLE)
|
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-04-19 13:20:38 +08:00
|
|
|
task_lock(p);
|
|
|
|
mm = p->mm;
|
|
|
|
if (!mm) {
|
|
|
|
task_unlock(p);
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
2006-04-19 13:20:38 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The memory size of the process is the basis for the badness.
|
|
|
|
*/
|
2006-04-19 13:20:38 +08:00
|
|
|
points = mm->total_vm;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* After this unlock we can no longer dereference local variable `mm'
|
|
|
|
*/
|
|
|
|
task_unlock(p);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-01-06 08:37:03 +08:00
|
|
|
/*
|
|
|
|
* swapoff can easily use up all memory, so kill those first.
|
|
|
|
*/
|
2009-09-22 08:02:27 +08:00
|
|
|
if (p->flags & PF_OOM_ORIGIN)
|
2007-01-06 08:37:03 +08:00
|
|
|
return ULONG_MAX;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Processes which fork a lot of child processes are likely
|
[PATCH] OOM kill: children accounting
In the badness() calculation, there's currently this piece of code:
/*
* Processes which fork a lot of child processes are likely
* a good choice. We add the vmsize of the children if they
* have an own mm. This prevents forking servers to flood the
* machine with an endless amount of children
*/
list_for_each(tsk, &p->children) {
struct task_struct *chld;
chld = list_entry(tsk, struct task_struct, sibling);
if (chld->mm = p->mm && chld->mm)
points += chld->mm->total_vm;
}
The intention is clear: If some server (apache) keeps spawning new children
and we run OOM, we want to kill the father rather than picking a child.
This -- to some degree -- also helps a bit with getting fork bombs under
control, though I'd consider this a desirable side-effect rather than a
feature.
There's one problem with this: No matter how many or few children there are,
if just one of them misbehaves, and all others (including the father) do
everything right, we still always kill the whole family. This hits in real
life; whether it's javascript in konqueror resulting in kdeinit (and thus the
whole KDE session) being hit or just a classical server that spawns children.
Sidenote: The killer does kill all direct children as well, not only the
selected father, see oom_kill_process().
The idea in attached patch is that we do want to account the memory
consumption of the (direct) children to the father -- however not fully.
This maintains the property that fathers with too many children will still
very likely be picked, whereas a single misbehaving child has the chance to
be picked by the OOM killer.
In the patch I account only half (rounded up) of the children's vm_size to
the parent. This means that if one child eats more mem than the rest of
the family, it will be picked, otherwise it's still the father and thus the
whole family that gets selected.
This is heuristics -- we could debate whether accounting for a fourth would
be better than for half of it. Or -- if people would consider it worth the
trouble -- make it a sysctl. For now I sticked to accounting for half,
which should IMHO be a significant improvement.
The patch does one more thing: As users tend to be irritated by the choice
of killed processes (mainly because the children are killed first, despite
some of them having a very low OOM score), I added some more output: The
selected (father) process will be reported first and it's oom_score printed
to syslog.
Description:
Only account for half of children's vm size in oom score calculation
This should still give the parent enough point in case of fork bombs. If
any child however has more than 50% of the vm size of all children
together, it'll get a higher score and be elected.
This patch also makes the kernel display the oom_score.
Signed-off-by: Kurt Garloff <garloff@suse.de>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-21 10:27:51 +08:00
|
|
|
* a good choice. We add half the vmsize of the children if they
|
2005-04-17 06:20:36 +08:00
|
|
|
* have an own mm. This prevents forking servers to flood the
|
[PATCH] OOM kill: children accounting
In the badness() calculation, there's currently this piece of code:
/*
* Processes which fork a lot of child processes are likely
* a good choice. We add the vmsize of the children if they
* have an own mm. This prevents forking servers to flood the
* machine with an endless amount of children
*/
list_for_each(tsk, &p->children) {
struct task_struct *chld;
chld = list_entry(tsk, struct task_struct, sibling);
if (chld->mm = p->mm && chld->mm)
points += chld->mm->total_vm;
}
The intention is clear: If some server (apache) keeps spawning new children
and we run OOM, we want to kill the father rather than picking a child.
This -- to some degree -- also helps a bit with getting fork bombs under
control, though I'd consider this a desirable side-effect rather than a
feature.
There's one problem with this: No matter how many or few children there are,
if just one of them misbehaves, and all others (including the father) do
everything right, we still always kill the whole family. This hits in real
life; whether it's javascript in konqueror resulting in kdeinit (and thus the
whole KDE session) being hit or just a classical server that spawns children.
Sidenote: The killer does kill all direct children as well, not only the
selected father, see oom_kill_process().
The idea in attached patch is that we do want to account the memory
consumption of the (direct) children to the father -- however not fully.
This maintains the property that fathers with too many children will still
very likely be picked, whereas a single misbehaving child has the chance to
be picked by the OOM killer.
In the patch I account only half (rounded up) of the children's vm_size to
the parent. This means that if one child eats more mem than the rest of
the family, it will be picked, otherwise it's still the father and thus the
whole family that gets selected.
This is heuristics -- we could debate whether accounting for a fourth would
be better than for half of it. Or -- if people would consider it worth the
trouble -- make it a sysctl. For now I sticked to accounting for half,
which should IMHO be a significant improvement.
The patch does one more thing: As users tend to be irritated by the choice
of killed processes (mainly because the children are killed first, despite
some of them having a very low OOM score), I added some more output: The
selected (father) process will be reported first and it's oom_score printed
to syslog.
Description:
Only account for half of children's vm size in oom score calculation
This should still give the parent enough point in case of fork bombs. If
any child however has more than 50% of the vm size of all children
together, it'll get a higher score and be elected.
This patch also makes the kernel display the oom_score.
Signed-off-by: Kurt Garloff <garloff@suse.de>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-21 10:27:51 +08:00
|
|
|
* machine with an endless amount of children. In case a single
|
|
|
|
* child is eating the vast majority of memory, adding only half
|
|
|
|
* to the parents will make the child our kill candidate of choice.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2006-04-19 13:20:38 +08:00
|
|
|
list_for_each_entry(child, &p->children, sibling) {
|
|
|
|
task_lock(child);
|
|
|
|
if (child->mm != mm && child->mm)
|
|
|
|
points += child->mm->total_vm/2 + 1;
|
|
|
|
task_unlock(child);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* CPU time is in tens of seconds and run time is in thousands
|
|
|
|
* of seconds. There is no particular reason for this other than
|
|
|
|
* that it turned out to work very well in practice.
|
|
|
|
*/
|
2009-09-22 08:03:14 +08:00
|
|
|
thread_group_cputime(p, &task_time);
|
|
|
|
utime = cputime_to_jiffies(task_time.utime);
|
|
|
|
stime = cputime_to_jiffies(task_time.stime);
|
|
|
|
cpu_time = (utime + stime) >> (SHIFT_HZ + 3);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (uptime >= p->start_time.tv_sec)
|
|
|
|
run_time = (uptime - p->start_time.tv_sec) >> 10;
|
|
|
|
else
|
|
|
|
run_time = 0;
|
|
|
|
|
2009-04-01 06:19:27 +08:00
|
|
|
if (cpu_time)
|
|
|
|
points /= int_sqrt(cpu_time);
|
|
|
|
if (run_time)
|
|
|
|
points /= int_sqrt(int_sqrt(run_time));
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Niced processes are most likely less important, so double
|
|
|
|
* their badness points.
|
|
|
|
*/
|
|
|
|
if (task_nice(p) > 0)
|
|
|
|
points *= 2;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Superuser processes are usually more important, so we make it
|
|
|
|
* less likely that we kill those.
|
|
|
|
*/
|
2008-11-11 19:02:54 +08:00
|
|
|
if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
|
|
|
|
has_capability_noaudit(p, CAP_SYS_RESOURCE))
|
2005-04-17 06:20:36 +08:00
|
|
|
points /= 4;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't want to kill a process with direct hardware access.
|
|
|
|
* Not only could that mess up the hardware, but usually users
|
|
|
|
* tend to only have this flag set on applications they think
|
|
|
|
* of as important.
|
|
|
|
*/
|
2008-11-11 19:02:54 +08:00
|
|
|
if (has_capability_noaudit(p, CAP_SYS_RAWIO))
|
2005-04-17 06:20:36 +08:00
|
|
|
points /= 4;
|
|
|
|
|
2006-09-26 14:31:29 +08:00
|
|
|
/*
|
|
|
|
* If p's nodes don't overlap ours, it may still help to kill p
|
|
|
|
* because p may have allocated or otherwise mapped memory on
|
|
|
|
* this node before. However it will be less likely.
|
|
|
|
*/
|
2009-09-22 08:03:14 +08:00
|
|
|
if (!has_intersects_mems_allowed(p))
|
2006-09-26 14:31:29 +08:00
|
|
|
points /= 8;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
* Adjust the score by oom_adj.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
if (oom_adj) {
|
|
|
|
if (oom_adj > 0) {
|
2007-05-07 05:49:07 +08:00
|
|
|
if (!points)
|
|
|
|
points = 1;
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
points <<= oom_adj;
|
2007-05-07 05:49:07 +08:00
|
|
|
} else
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
points >>= -(oom_adj);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
2007-07-31 15:37:32 +08:00
|
|
|
printk(KERN_DEBUG "OOMkill: task %d (%s) got %lu points\n",
|
2005-04-17 06:20:36 +08:00
|
|
|
p->pid, p->comm, points);
|
|
|
|
#endif
|
|
|
|
return points;
|
|
|
|
}
|
|
|
|
|
2006-02-21 10:27:52 +08:00
|
|
|
/*
|
|
|
|
* Determine the type of allocation constraint.
|
|
|
|
*/
|
|
|
|
#ifdef CONFIG_NUMA
|
2009-12-16 08:45:33 +08:00
|
|
|
static enum oom_constraint constrained_alloc(struct zonelist *zonelist,
|
|
|
|
gfp_t gfp_mask, nodemask_t *nodemask)
|
|
|
|
{
|
2008-04-28 17:12:16 +08:00
|
|
|
struct zone *zone;
|
2008-04-28 17:12:17 +08:00
|
|
|
struct zoneref *z;
|
2008-04-28 17:12:16 +08:00
|
|
|
enum zone_type high_zoneidx = gfp_zone(gfp_mask);
|
2006-02-21 10:27:52 +08:00
|
|
|
|
2009-12-16 08:45:33 +08:00
|
|
|
/*
|
|
|
|
* Reach here only when __GFP_NOFAIL is used. So, we should avoid
|
|
|
|
* to kill current.We have to random task kill in this case.
|
|
|
|
* Hopefully, CONSTRAINT_THISNODE...but no way to handle it, now.
|
|
|
|
*/
|
|
|
|
if (gfp_mask & __GFP_THISNODE)
|
|
|
|
return CONSTRAINT_NONE;
|
2006-02-21 10:27:52 +08:00
|
|
|
|
2009-12-16 08:45:33 +08:00
|
|
|
/*
|
|
|
|
* The nodemask here is a nodemask passed to alloc_pages(). Now,
|
|
|
|
* cpuset doesn't use this nodemask for its hardwall/softwall/hierarchy
|
|
|
|
* feature. mempolicy is an only user of nodemask here.
|
|
|
|
* check mempolicy's nodemask contains all N_HIGH_MEMORY
|
|
|
|
*/
|
|
|
|
if (nodemask && !nodes_subset(node_states[N_HIGH_MEMORY], *nodemask))
|
2006-02-21 10:27:52 +08:00
|
|
|
return CONSTRAINT_MEMORY_POLICY;
|
2009-12-16 08:45:33 +08:00
|
|
|
|
|
|
|
/* Check this allocation failure is caused by cpuset's wall function */
|
|
|
|
for_each_zone_zonelist_nodemask(zone, z, zonelist,
|
|
|
|
high_zoneidx, nodemask)
|
|
|
|
if (!cpuset_zone_allowed_softwall(zone, gfp_mask))
|
|
|
|
return CONSTRAINT_CPUSET;
|
2006-02-21 10:27:52 +08:00
|
|
|
|
|
|
|
return CONSTRAINT_NONE;
|
|
|
|
}
|
2009-12-16 08:45:33 +08:00
|
|
|
#else
|
|
|
|
static enum oom_constraint constrained_alloc(struct zonelist *zonelist,
|
|
|
|
gfp_t gfp_mask, nodemask_t *nodemask)
|
|
|
|
{
|
|
|
|
return CONSTRAINT_NONE;
|
|
|
|
}
|
|
|
|
#endif
|
2006-02-21 10:27:52 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Simple selection loop. We chose the process with the highest
|
|
|
|
* number of 'points'. We expect the caller will lock the tasklist.
|
|
|
|
*
|
|
|
|
* (not docbooked, we don't want this one cluttering up the manual)
|
|
|
|
*/
|
2008-02-07 16:13:58 +08:00
|
|
|
static struct task_struct *select_bad_process(unsigned long *ppoints,
|
|
|
|
struct mem_cgroup *mem)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-09-22 08:03:14 +08:00
|
|
|
struct task_struct *p;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct task_struct *chosen = NULL;
|
|
|
|
struct timespec uptime;
|
[PATCH] OOM kill: children accounting
In the badness() calculation, there's currently this piece of code:
/*
* Processes which fork a lot of child processes are likely
* a good choice. We add the vmsize of the children if they
* have an own mm. This prevents forking servers to flood the
* machine with an endless amount of children
*/
list_for_each(tsk, &p->children) {
struct task_struct *chld;
chld = list_entry(tsk, struct task_struct, sibling);
if (chld->mm = p->mm && chld->mm)
points += chld->mm->total_vm;
}
The intention is clear: If some server (apache) keeps spawning new children
and we run OOM, we want to kill the father rather than picking a child.
This -- to some degree -- also helps a bit with getting fork bombs under
control, though I'd consider this a desirable side-effect rather than a
feature.
There's one problem with this: No matter how many or few children there are,
if just one of them misbehaves, and all others (including the father) do
everything right, we still always kill the whole family. This hits in real
life; whether it's javascript in konqueror resulting in kdeinit (and thus the
whole KDE session) being hit or just a classical server that spawns children.
Sidenote: The killer does kill all direct children as well, not only the
selected father, see oom_kill_process().
The idea in attached patch is that we do want to account the memory
consumption of the (direct) children to the father -- however not fully.
This maintains the property that fathers with too many children will still
very likely be picked, whereas a single misbehaving child has the chance to
be picked by the OOM killer.
In the patch I account only half (rounded up) of the children's vm_size to
the parent. This means that if one child eats more mem than the rest of
the family, it will be picked, otherwise it's still the father and thus the
whole family that gets selected.
This is heuristics -- we could debate whether accounting for a fourth would
be better than for half of it. Or -- if people would consider it worth the
trouble -- make it a sysctl. For now I sticked to accounting for half,
which should IMHO be a significant improvement.
The patch does one more thing: As users tend to be irritated by the choice
of killed processes (mainly because the children are killed first, despite
some of them having a very low OOM score), I added some more output: The
selected (father) process will be reported first and it's oom_score printed
to syslog.
Description:
Only account for half of children's vm size in oom score calculation
This should still give the parent enough point in case of fork bombs. If
any child however has more than 50% of the vm size of all children
together, it'll get a higher score and be elected.
This patch also makes the kernel display the oom_score.
Signed-off-by: Kurt Garloff <garloff@suse.de>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-21 10:27:51 +08:00
|
|
|
*ppoints = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
do_posix_clock_monotonic_gettime(&uptime);
|
2009-09-22 08:03:14 +08:00
|
|
|
for_each_process(p) {
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
unsigned long points;
|
|
|
|
|
2006-09-29 17:01:12 +08:00
|
|
|
/*
|
|
|
|
* skip kernel threads and tasks which have already released
|
|
|
|
* their mm.
|
|
|
|
*/
|
2006-09-26 14:31:32 +08:00
|
|
|
if (!p->mm)
|
|
|
|
continue;
|
2006-09-29 17:01:12 +08:00
|
|
|
/* skip the init task */
|
2007-10-19 14:39:52 +08:00
|
|
|
if (is_global_init(p))
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
continue;
|
2008-02-07 16:14:06 +08:00
|
|
|
if (mem && !task_in_mem_cgroup(p, mem))
|
|
|
|
continue;
|
2005-09-07 06:18:13 +08:00
|
|
|
|
2006-09-29 17:01:14 +08:00
|
|
|
/*
|
|
|
|
* This task already has access to memory reserves and is
|
|
|
|
* being killed. Don't allow any other task access to the
|
|
|
|
* memory reserve.
|
|
|
|
*
|
|
|
|
* Note: this may have a chance of deadlock if it gets
|
|
|
|
* blocked waiting for another task which itself is waiting
|
|
|
|
* for memory. Is there a better alternative?
|
|
|
|
*/
|
|
|
|
if (test_tsk_thread_flag(p, TIF_MEMDIE))
|
|
|
|
return ERR_PTR(-1UL);
|
|
|
|
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
/*
|
2006-06-23 17:03:13 +08:00
|
|
|
* This is in the process of releasing memory so wait for it
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
* to finish before killing some other task by mistake.
|
2006-09-26 14:31:29 +08:00
|
|
|
*
|
|
|
|
* However, if p is the current task, we allow the 'kill' to
|
|
|
|
* go ahead if it is exiting: this will simply set TIF_MEMDIE,
|
|
|
|
* which will allow it to gain access to memory reserves in
|
|
|
|
* the process of exiting and releasing its resources.
|
2006-09-29 17:01:14 +08:00
|
|
|
* Otherwise we could get an easy OOM deadlock.
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
*/
|
2006-09-29 17:01:14 +08:00
|
|
|
if (p->flags & PF_EXITING) {
|
|
|
|
if (p != current)
|
|
|
|
return ERR_PTR(-1UL);
|
|
|
|
|
2006-09-29 17:01:12 +08:00
|
|
|
chosen = p;
|
|
|
|
*ppoints = ULONG_MAX;
|
2006-09-26 14:31:29 +08:00
|
|
|
}
|
2006-09-29 17:01:12 +08:00
|
|
|
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
if (p->signal->oom_adj == OOM_DISABLE)
|
2009-08-19 05:11:10 +08:00
|
|
|
continue;
|
|
|
|
|
2008-04-28 17:13:35 +08:00
|
|
|
points = badness(p, uptime.tv_sec);
|
2009-08-19 05:11:10 +08:00
|
|
|
if (points > *ppoints || !chosen) {
|
[PATCH] cpusets: oom_kill tweaks
This patch series extends the use of the cpuset attribute 'mem_exclusive'
to support cpuset configurations that:
1) allow GFP_KERNEL allocations to come from a potentially larger
set of memory nodes than GFP_USER allocations, and
2) can constrain the oom killer to tasks running in cpusets in
a specified subtree of the cpuset hierarchy.
Here's an example usage scenario. For a few hours or more, a large NUMA
system at a University is to be divided in two halves, with a bunch of student
jobs running in half the system under some form of batch manager, and with a
big research project running in the other half. Each of the student jobs is
placed in a small cpuset, but should share the classic Unix time share
facilities, such as buffered pages of files in /bin and /usr/lib. The big
research project wants no interference whatsoever from the student jobs, and
has highly tuned, unusual memory and i/o patterns that intend to make full use
of all the main memory on the nodes available to it.
In this example, we have two big sibling cpusets, one of which is further
divided into a more dynamic set of child cpusets.
We want kernel memory allocations constrained by the two big cpusets, and user
allocations constrained by the smaller child cpusets where present. And we
require that the oom killer not operate across the two halves of this system,
or else the first time a student job runs amuck, the big research project will
likely be first inline to get shot.
Tweaking /proc/<pid>/oom_adj is not ideal -- if the big research project
really does run amuck allocating memory, it should be shot, not some other
task outside the research projects mem_exclusive cpuset.
I propose to extend the use of the 'mem_exclusive' flag of cpusets to manage
such scenarios. Let memory allocations for user space (GFP_USER) be
constrained by a tasks current cpuset, but memory allocations for kernel space
(GFP_KERNEL) by constrained by the nearest mem_exclusive ancestor of the
current cpuset, even though kernel space allocations will still _prefer_ to
remain within the current tasks cpuset, if memory is easily available.
Let the oom killer be constrained to consider only tasks that are in
overlapping mem_exclusive cpusets (it won't help much to kill a task that
normally cannot allocate memory on any of the same nodes as the ones on which
the current task can allocate.)
The current constraints imposed on setting mem_exclusive are unchanged. A
cpuset may only be mem_exclusive if its parent is also mem_exclusive, and a
mem_exclusive cpuset may not overlap any of its siblings memory nodes.
This patch was presented on linux-mm in early July 2005, though did not
generate much feedback at that time. It has been built for a variety of
arch's using cross tools, and built, booted and tested for function on SN2
(ia64).
There are 4 patches in this set:
1) Some minor cleanup, and some improvements to the code layout
of one routine to make subsequent patches cleaner.
2) Add another GFP flag - __GFP_HARDWALL. It marks memory
requests for USER space, which are tightly confined by the
current tasks cpuset.
3) Now memory requests (such as KERNEL) that not marked HARDWALL can
if short on memory, look in the potentially larger pool of memory
defined by the nearest mem_exclusive ancestor cpuset of the current
tasks cpuset.
4) Finally, modify the oom killer to skip any task whose mem_exclusive
cpuset doesn't overlap ours.
Patch (1), the one time I looked on an SN2 (ia64) build, actually saved 32
bytes of kernel text space. Patch (2) has no affect on the size of kernel
text space (it just adds a preprocessor flag). Patches (3) and (4) added
about 600 bytes each of kernel text space, mostly in kernel/cpuset.c, which
matters only if CONFIG_CPUSET is enabled.
This patch:
This patch applies a few comment and code cleanups to mm/oom_kill.c prior to
applying a few small patches to improve cpuset management of memory placement.
The comment changed in oom_kill.c was seriously misleading. The code layout
change in select_bad_process() makes room for adding another condition on
which a process can be spared the oom killer (see the subsequent
cpuset_nodes_overlap patch for this addition).
Also a couple typos and spellos that bugged me, while I was here.
This patch should have no material affect.
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-07 06:18:09 +08:00
|
|
|
chosen = p;
|
[PATCH] OOM kill: children accounting
In the badness() calculation, there's currently this piece of code:
/*
* Processes which fork a lot of child processes are likely
* a good choice. We add the vmsize of the children if they
* have an own mm. This prevents forking servers to flood the
* machine with an endless amount of children
*/
list_for_each(tsk, &p->children) {
struct task_struct *chld;
chld = list_entry(tsk, struct task_struct, sibling);
if (chld->mm = p->mm && chld->mm)
points += chld->mm->total_vm;
}
The intention is clear: If some server (apache) keeps spawning new children
and we run OOM, we want to kill the father rather than picking a child.
This -- to some degree -- also helps a bit with getting fork bombs under
control, though I'd consider this a desirable side-effect rather than a
feature.
There's one problem with this: No matter how many or few children there are,
if just one of them misbehaves, and all others (including the father) do
everything right, we still always kill the whole family. This hits in real
life; whether it's javascript in konqueror resulting in kdeinit (and thus the
whole KDE session) being hit or just a classical server that spawns children.
Sidenote: The killer does kill all direct children as well, not only the
selected father, see oom_kill_process().
The idea in attached patch is that we do want to account the memory
consumption of the (direct) children to the father -- however not fully.
This maintains the property that fathers with too many children will still
very likely be picked, whereas a single misbehaving child has the chance to
be picked by the OOM killer.
In the patch I account only half (rounded up) of the children's vm_size to
the parent. This means that if one child eats more mem than the rest of
the family, it will be picked, otherwise it's still the father and thus the
whole family that gets selected.
This is heuristics -- we could debate whether accounting for a fourth would
be better than for half of it. Or -- if people would consider it worth the
trouble -- make it a sysctl. For now I sticked to accounting for half,
which should IMHO be a significant improvement.
The patch does one more thing: As users tend to be irritated by the choice
of killed processes (mainly because the children are killed first, despite
some of them having a very low OOM score), I added some more output: The
selected (father) process will be reported first and it's oom_score printed
to syslog.
Description:
Only account for half of children's vm size in oom score calculation
This should still give the parent enough point in case of fork bombs. If
any child however has more than 50% of the vm size of all children
together, it'll get a higher score and be elected.
This patch also makes the kernel display the oom_score.
Signed-off-by: Kurt Garloff <garloff@suse.de>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-21 10:27:51 +08:00
|
|
|
*ppoints = points;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2009-09-22 08:03:14 +08:00
|
|
|
}
|
2006-09-29 17:01:12 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return chosen;
|
|
|
|
}
|
|
|
|
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
/**
|
2008-03-20 08:00:42 +08:00
|
|
|
* dump_tasks - dump current memory state of all system tasks
|
|
|
|
* @mem: target memory controller
|
|
|
|
*
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
* Dumps the current memory state of all system tasks, excluding kernel threads.
|
|
|
|
* State information includes task's pid, uid, tgid, vm size, rss, cpu, oom_adj
|
|
|
|
* score, and name.
|
|
|
|
*
|
|
|
|
* If the actual is non-NULL, only tasks that are a member of the mem_cgroup are
|
|
|
|
* shown.
|
|
|
|
*
|
|
|
|
* Call with tasklist_lock read-locked.
|
|
|
|
*/
|
|
|
|
static void dump_tasks(const struct mem_cgroup *mem)
|
|
|
|
{
|
|
|
|
struct task_struct *g, *p;
|
|
|
|
|
|
|
|
printk(KERN_INFO "[ pid ] uid tgid total_vm rss cpu oom_adj "
|
|
|
|
"name\n");
|
|
|
|
do_each_thread(g, p) {
|
2009-05-29 05:34:19 +08:00
|
|
|
struct mm_struct *mm;
|
|
|
|
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
if (mem && !task_in_mem_cgroup(p, mem))
|
|
|
|
continue;
|
2008-11-07 04:53:29 +08:00
|
|
|
if (!thread_group_leader(p))
|
|
|
|
continue;
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
|
|
|
|
task_lock(p);
|
2009-05-29 05:34:19 +08:00
|
|
|
mm = p->mm;
|
|
|
|
if (!mm) {
|
|
|
|
/*
|
|
|
|
* total_vm and rss sizes do not exist for tasks with no
|
|
|
|
* mm so there's no need to report them; they can't be
|
|
|
|
* oom killed anyway.
|
|
|
|
*/
|
|
|
|
task_unlock(p);
|
|
|
|
continue;
|
|
|
|
}
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n",
|
2009-05-29 05:34:19 +08:00
|
|
|
p->pid, __task_cred(p)->uid, p->tgid, mm->total_vm,
|
oom: move oom_adj value from task_struct to signal_struct
Currently, OOM logic callflow is here.
__out_of_memory()
select_bad_process() for each task
badness() calculate badness of one task
oom_kill_process() search child
oom_kill_task() kill target task and mm shared tasks with it
example, process-A have two thread, thread-A and thread-B and it have very
fat memory and each thread have following oom_adj and oom_score.
thread-A: oom_adj = OOM_DISABLE, oom_score = 0
thread-B: oom_adj = 0, oom_score = very-high
Then, select_bad_process() select thread-B, but oom_kill_task() refuse
kill the task because thread-A have OOM_DISABLE. Thus __out_of_memory()
call select_bad_process() again. but select_bad_process() select the same
task. It mean kernel fall in livelock.
The fact is, select_bad_process() must select killable task. otherwise
OOM logic go into livelock.
And root cause is, oom_adj shouldn't be per-thread value. it should be
per-process value because OOM-killer kill a process, not thread. Thus
This patch moves oomkilladj (now more appropriately named oom_adj) from
struct task_struct to struct signal_struct. it naturally prevent
select_bad_process() choose wrong task.
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22 08:03:13 +08:00
|
|
|
get_mm_rss(mm), (int)task_cpu(p), p->signal->oom_adj,
|
2009-08-19 05:11:10 +08:00
|
|
|
p->comm);
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
task_unlock(p);
|
|
|
|
} while_each_thread(g, p);
|
|
|
|
}
|
|
|
|
|
2009-12-16 08:47:12 +08:00
|
|
|
static void dump_header(struct task_struct *p, gfp_t gfp_mask, int order,
|
|
|
|
struct mem_cgroup *mem)
|
2009-12-15 09:57:47 +08:00
|
|
|
{
|
|
|
|
pr_warning("%s invoked oom-killer: gfp_mask=0x%x, order=%d, "
|
|
|
|
"oom_adj=%d\n",
|
|
|
|
current->comm, gfp_mask, order, current->signal->oom_adj);
|
|
|
|
task_lock(current);
|
|
|
|
cpuset_print_task_mems_allowed(current);
|
|
|
|
task_unlock(current);
|
|
|
|
dump_stack();
|
2009-12-16 08:47:12 +08:00
|
|
|
mem_cgroup_print_oom_info(mem, p);
|
2009-12-15 09:57:47 +08:00
|
|
|
show_mem();
|
|
|
|
if (sysctl_oom_dump_tasks)
|
|
|
|
dump_tasks(mem);
|
|
|
|
}
|
|
|
|
|
2009-12-16 08:45:32 +08:00
|
|
|
#define K(x) ((x) << (PAGE_SHIFT-10))
|
|
|
|
|
2008-03-20 08:00:42 +08:00
|
|
|
/*
|
2006-09-26 14:31:54 +08:00
|
|
|
* Send SIGKILL to the selected process irrespective of CAP_SYS_RAW_IO
|
|
|
|
* flag though it's unlikely that we select a process with CAP_SYS_RAW_IO
|
|
|
|
* set.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2006-12-07 12:31:51 +08:00
|
|
|
static void __oom_kill_task(struct task_struct *p, int verbose)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2007-10-19 14:39:52 +08:00
|
|
|
if (is_global_init(p)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
WARN_ON(1);
|
|
|
|
printk(KERN_WARNING "tried to kill init!\n");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-12-16 08:45:32 +08:00
|
|
|
task_lock(p);
|
2009-08-19 05:11:10 +08:00
|
|
|
if (!p->mm) {
|
|
|
|
WARN_ON(1);
|
2009-12-16 08:45:32 +08:00
|
|
|
printk(KERN_WARNING "tried to kill an mm-less task %d (%s)!\n",
|
|
|
|
task_pid_nr(p), p->comm);
|
|
|
|
task_unlock(p);
|
2005-04-17 06:20:36 +08:00
|
|
|
return;
|
2009-08-19 05:11:10 +08:00
|
|
|
}
|
2006-09-26 14:31:29 +08:00
|
|
|
|
2006-12-07 12:31:51 +08:00
|
|
|
if (verbose)
|
2009-12-16 08:45:32 +08:00
|
|
|
printk(KERN_ERR "Killed process %d (%s) "
|
|
|
|
"vsz:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
|
|
|
|
task_pid_nr(p), p->comm,
|
|
|
|
K(p->mm->total_vm),
|
2010-03-06 05:41:39 +08:00
|
|
|
K(get_mm_counter(p->mm, MM_ANONPAGES)),
|
|
|
|
K(get_mm_counter(p->mm, MM_FILEPAGES)));
|
2009-12-16 08:45:32 +08:00
|
|
|
task_unlock(p);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We give our sacrificial lamb high priority and access to
|
|
|
|
* all the memory it needs. That way it should be able to
|
|
|
|
* exit() and clear out its resources quickly...
|
|
|
|
*/
|
2008-01-26 04:08:27 +08:00
|
|
|
p->rt.time_slice = HZ;
|
2005-04-17 06:20:36 +08:00
|
|
|
set_tsk_thread_flag(p, TIF_MEMDIE);
|
|
|
|
|
|
|
|
force_sig(SIGKILL, p);
|
|
|
|
}
|
|
|
|
|
2006-12-07 12:31:51 +08:00
|
|
|
static int oom_kill_task(struct task_struct *p)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-08-19 05:11:10 +08:00
|
|
|
/* WARNING: mm may not be dereferenced since we did not obtain its
|
|
|
|
* value from get_task_mm(p). This is OK since all we need to do is
|
|
|
|
* compare mm to q->mm below.
|
|
|
|
*
|
|
|
|
* Furthermore, even if mm contains a non-NULL value, p->mm may
|
|
|
|
* change to NULL at any time since we do not hold task_lock(p).
|
|
|
|
* However, this is of no concern to us.
|
|
|
|
*/
|
2009-09-22 08:03:15 +08:00
|
|
|
if (!p->mm || p->signal->oom_adj == OOM_DISABLE)
|
2006-04-19 13:20:44 +08:00
|
|
|
return 1;
|
2009-08-19 05:11:10 +08:00
|
|
|
|
2006-12-07 12:31:51 +08:00
|
|
|
__oom_kill_task(p, 1);
|
2006-12-07 12:31:50 +08:00
|
|
|
|
2006-04-19 13:20:44 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-10-17 14:25:57 +08:00
|
|
|
static int oom_kill_process(struct task_struct *p, gfp_t gfp_mask, int order,
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
unsigned long points, struct mem_cgroup *mem,
|
|
|
|
const char *message)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct task_struct *c;
|
|
|
|
|
2009-12-15 09:57:47 +08:00
|
|
|
if (printk_ratelimit())
|
2009-12-16 08:47:12 +08:00
|
|
|
dump_header(p, gfp_mask, order, mem);
|
2007-10-17 14:25:57 +08:00
|
|
|
|
2006-09-26 14:31:29 +08:00
|
|
|
/*
|
|
|
|
* If the task is already exiting, don't alarm the sysadmin or kill
|
|
|
|
* its children or threads, just set TIF_MEMDIE so it can die quickly
|
|
|
|
*/
|
2009-08-19 05:11:10 +08:00
|
|
|
if (p->flags & PF_EXITING) {
|
2006-12-07 12:31:51 +08:00
|
|
|
__oom_kill_task(p, 0);
|
2006-09-26 14:31:29 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-12-07 12:31:51 +08:00
|
|
|
printk(KERN_ERR "%s: kill process %d (%s) score %li or a child\n",
|
2007-10-19 14:40:40 +08:00
|
|
|
message, task_pid_nr(p), p->comm, points);
|
2006-12-07 12:31:51 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Try to kill a child first */
|
2007-10-19 14:39:58 +08:00
|
|
|
list_for_each_entry(c, &p->children, sibling) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (c->mm == p->mm)
|
|
|
|
continue;
|
2010-02-23 04:44:14 +08:00
|
|
|
if (mem && !task_in_mem_cgroup(c, mem))
|
|
|
|
continue;
|
2006-12-07 12:31:51 +08:00
|
|
|
if (!oom_kill_task(c))
|
2006-04-19 13:20:44 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2006-12-07 12:31:51 +08:00
|
|
|
return oom_kill_task(p);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-03-05 06:28:39 +08:00
|
|
|
#ifdef CONFIG_CGROUP_MEM_RES_CTLR
|
2008-02-07 16:13:58 +08:00
|
|
|
void mem_cgroup_out_of_memory(struct mem_cgroup *mem, gfp_t gfp_mask)
|
|
|
|
{
|
|
|
|
unsigned long points = 0;
|
|
|
|
struct task_struct *p;
|
|
|
|
|
memcg: handle panic_on_oom=always case
Presently, if panic_on_oom=2, the whole system panics even if the oom
happend in some special situation (as cpuset, mempolicy....). Then,
panic_on_oom=2 means painc_on_oom_always.
Now, memcg doesn't check panic_on_oom flag. This patch adds a check.
BTW, how it's useful ?
kdump+panic_on_oom=2 is the last tool to investigate what happens in
oom-ed system. When a task is killed, the sysytem recovers and there will
be few hint to know what happnes. In mission critical system, oom should
never happen. Then, panic_on_oom=2+kdump is useful to avoid next OOM by
knowing precise information via snapshot.
TODO:
- For memcg, it's for isolate system's memory usage, oom-notiifer and
freeze_at_oom (or rest_at_oom) should be implemented. Then, management
daemon can do similar jobs (as kdump) or taking snapshot per cgroup.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Nick Piggin <npiggin@suse.de>
Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-03-11 07:22:32 +08:00
|
|
|
if (sysctl_panic_on_oom == 2)
|
|
|
|
panic("out of memory(memcg). panic_on_oom is selected.\n");
|
2008-04-16 05:34:37 +08:00
|
|
|
read_lock(&tasklist_lock);
|
2008-02-07 16:13:58 +08:00
|
|
|
retry:
|
|
|
|
p = select_bad_process(&points, mem);
|
|
|
|
if (PTR_ERR(p) == -1UL)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (!p)
|
|
|
|
p = current;
|
|
|
|
|
oom: add sysctl to enable task memory dump
Adds a new sysctl, 'oom_dump_tasks', that enables the kernel to produce a
dump of all system tasks (excluding kernel threads) when performing an
OOM-killing. Information includes pid, uid, tgid, vm size, rss, cpu,
oom_adj score, and name.
This is helpful for determining why there was an OOM condition and which
rogue task caused it.
It is configurable so that large systems, such as those with several
thousand tasks, do not incur a performance penalty associated with dumping
data they may not desire.
If an OOM was triggered as a result of a memory controller, the tasklist
shall be filtered to exclude tasks that are not a member of the same
cgroup.
Cc: Andrea Arcangeli <andrea@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-07 16:14:07 +08:00
|
|
|
if (oom_kill_process(p, gfp_mask, 0, points, mem,
|
2008-02-07 16:13:58 +08:00
|
|
|
"Memory cgroup out of memory"))
|
|
|
|
goto retry;
|
|
|
|
out:
|
2008-04-16 05:34:37 +08:00
|
|
|
read_unlock(&tasklist_lock);
|
2008-02-07 16:13:58 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2006-09-26 14:31:20 +08:00
|
|
|
static BLOCKING_NOTIFIER_HEAD(oom_notify_list);
|
|
|
|
|
|
|
|
int register_oom_notifier(struct notifier_block *nb)
|
|
|
|
{
|
|
|
|
return blocking_notifier_chain_register(&oom_notify_list, nb);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(register_oom_notifier);
|
|
|
|
|
|
|
|
int unregister_oom_notifier(struct notifier_block *nb)
|
|
|
|
{
|
|
|
|
return blocking_notifier_chain_unregister(&oom_notify_list, nb);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(unregister_oom_notifier);
|
|
|
|
|
2007-10-17 14:25:55 +08:00
|
|
|
/*
|
|
|
|
* Try to acquire the OOM killer lock for the zones in zonelist. Returns zero
|
|
|
|
* if a parallel OOM killing is already taking place that includes a zone in
|
|
|
|
* the zonelist. Otherwise, locks all zones in the zonelist and returns 1.
|
|
|
|
*/
|
2008-04-28 17:12:17 +08:00
|
|
|
int try_set_zone_oom(struct zonelist *zonelist, gfp_t gfp_mask)
|
2007-10-17 14:25:55 +08:00
|
|
|
{
|
2008-04-28 17:12:17 +08:00
|
|
|
struct zoneref *z;
|
|
|
|
struct zone *zone;
|
2007-10-17 14:25:55 +08:00
|
|
|
int ret = 1;
|
|
|
|
|
2009-01-07 06:39:00 +08:00
|
|
|
spin_lock(&zone_scan_lock);
|
2008-04-28 17:12:17 +08:00
|
|
|
for_each_zone_zonelist(zone, z, zonelist, gfp_zone(gfp_mask)) {
|
|
|
|
if (zone_is_oom_locked(zone)) {
|
2007-10-17 14:25:55 +08:00
|
|
|
ret = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
2008-04-28 17:12:17 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
for_each_zone_zonelist(zone, z, zonelist, gfp_zone(gfp_mask)) {
|
|
|
|
/*
|
2009-01-07 06:39:00 +08:00
|
|
|
* Lock each zone in the zonelist under zone_scan_lock so a
|
2008-04-28 17:12:17 +08:00
|
|
|
* parallel invocation of try_set_zone_oom() doesn't succeed
|
|
|
|
* when it shouldn't.
|
|
|
|
*/
|
|
|
|
zone_set_flag(zone, ZONE_OOM_LOCKED);
|
|
|
|
}
|
2007-10-17 14:25:55 +08:00
|
|
|
|
|
|
|
out:
|
2009-01-07 06:39:00 +08:00
|
|
|
spin_unlock(&zone_scan_lock);
|
2007-10-17 14:25:55 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Clears the ZONE_OOM_LOCKED flag for all zones in the zonelist so that failed
|
|
|
|
* allocation attempts with zonelists containing them may now recall the OOM
|
|
|
|
* killer, if necessary.
|
|
|
|
*/
|
2008-04-28 17:12:17 +08:00
|
|
|
void clear_zonelist_oom(struct zonelist *zonelist, gfp_t gfp_mask)
|
2007-10-17 14:25:55 +08:00
|
|
|
{
|
2008-04-28 17:12:17 +08:00
|
|
|
struct zoneref *z;
|
|
|
|
struct zone *zone;
|
2007-10-17 14:25:55 +08:00
|
|
|
|
2009-01-07 06:39:00 +08:00
|
|
|
spin_lock(&zone_scan_lock);
|
2008-04-28 17:12:17 +08:00
|
|
|
for_each_zone_zonelist(zone, z, zonelist, gfp_zone(gfp_mask)) {
|
|
|
|
zone_clear_flag(zone, ZONE_OOM_LOCKED);
|
|
|
|
}
|
2009-01-07 06:39:00 +08:00
|
|
|
spin_unlock(&zone_scan_lock);
|
2007-10-17 14:25:55 +08:00
|
|
|
}
|
|
|
|
|
2009-01-07 06:38:59 +08:00
|
|
|
/*
|
|
|
|
* Must be called with tasklist_lock held for read.
|
|
|
|
*/
|
|
|
|
static void __out_of_memory(gfp_t gfp_mask, int order)
|
|
|
|
{
|
2009-05-07 07:02:55 +08:00
|
|
|
struct task_struct *p;
|
|
|
|
unsigned long points;
|
2009-01-07 06:38:59 +08:00
|
|
|
|
2009-05-07 07:02:55 +08:00
|
|
|
if (sysctl_oom_kill_allocating_task)
|
|
|
|
if (!oom_kill_process(current, gfp_mask, order, 0, NULL,
|
|
|
|
"Out of memory (oom_kill_allocating_task)"))
|
2009-01-07 06:38:59 +08:00
|
|
|
return;
|
2009-05-07 07:02:55 +08:00
|
|
|
retry:
|
|
|
|
/*
|
|
|
|
* Rambo mode: Shoot down a process and hope it solves whatever
|
|
|
|
* issues we may have.
|
|
|
|
*/
|
|
|
|
p = select_bad_process(&points, NULL);
|
2009-01-07 06:38:59 +08:00
|
|
|
|
2009-05-07 07:02:55 +08:00
|
|
|
if (PTR_ERR(p) == -1UL)
|
|
|
|
return;
|
2009-01-07 06:38:59 +08:00
|
|
|
|
2009-05-07 07:02:55 +08:00
|
|
|
/* Found nothing?!?! Either we hang forever, or we panic. */
|
|
|
|
if (!p) {
|
|
|
|
read_unlock(&tasklist_lock);
|
2009-12-16 08:47:12 +08:00
|
|
|
dump_header(NULL, gfp_mask, order, NULL);
|
2009-05-07 07:02:55 +08:00
|
|
|
panic("Out of memory and no killable processes...\n");
|
2009-01-07 06:38:59 +08:00
|
|
|
}
|
2009-05-07 07:02:55 +08:00
|
|
|
|
|
|
|
if (oom_kill_process(p, gfp_mask, order, points, NULL,
|
|
|
|
"Out of memory"))
|
|
|
|
goto retry;
|
2009-01-07 06:38:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* pagefault handler calls into here because it is out of memory but
|
|
|
|
* doesn't know exactly how or why.
|
|
|
|
*/
|
|
|
|
void pagefault_out_of_memory(void)
|
|
|
|
{
|
|
|
|
unsigned long freed = 0;
|
|
|
|
|
|
|
|
blocking_notifier_call_chain(&oom_notify_list, 0, &freed);
|
|
|
|
if (freed > 0)
|
|
|
|
/* Got some memory back in the last second. */
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (sysctl_panic_on_oom)
|
|
|
|
panic("out of memory from page fault. panic_on_oom is selected.\n");
|
|
|
|
|
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
__out_of_memory(0, 0); /* unknown gfp_mask and order */
|
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Give "p" a good chance of killing itself before we
|
|
|
|
* retry to allocate memory.
|
|
|
|
*/
|
|
|
|
if (!test_thread_flag(TIF_MEMDIE))
|
|
|
|
schedule_timeout_uninterruptible(1);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/**
|
2006-06-23 17:03:13 +08:00
|
|
|
* out_of_memory - kill the "best" process when we run out of memory
|
2008-03-20 08:00:42 +08:00
|
|
|
* @zonelist: zonelist pointer
|
|
|
|
* @gfp_mask: memory allocation flags
|
|
|
|
* @order: amount of memory being requested as a power of 2
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* If we run out of memory, we have the choice between either
|
|
|
|
* killing a random task (bad), letting the system crash (worse)
|
|
|
|
* OR try to be smart about which process to kill. Note that we
|
|
|
|
* don't have to be perfect here, we just have to be good.
|
|
|
|
*/
|
2009-12-16 08:45:33 +08:00
|
|
|
void out_of_memory(struct zonelist *zonelist, gfp_t gfp_mask,
|
|
|
|
int order, nodemask_t *nodemask)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2006-09-26 14:31:20 +08:00
|
|
|
unsigned long freed = 0;
|
2007-10-17 14:25:53 +08:00
|
|
|
enum oom_constraint constraint;
|
2006-09-26 14:31:20 +08:00
|
|
|
|
|
|
|
blocking_notifier_call_chain(&oom_notify_list, 0, &freed);
|
|
|
|
if (freed > 0)
|
|
|
|
/* Got some memory back in the last second. */
|
|
|
|
return;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-12-15 09:57:47 +08:00
|
|
|
if (sysctl_panic_on_oom == 2) {
|
2009-12-16 08:47:12 +08:00
|
|
|
dump_header(NULL, gfp_mask, order, NULL);
|
2007-05-07 05:49:59 +08:00
|
|
|
panic("out of memory. Compulsory panic_on_oom is selected.\n");
|
2009-12-15 09:57:47 +08:00
|
|
|
}
|
2007-05-07 05:49:59 +08:00
|
|
|
|
2006-02-21 10:27:52 +08:00
|
|
|
/*
|
|
|
|
* Check if there were limitations on the allocation (only relevant for
|
|
|
|
* NUMA) that may require different handling.
|
|
|
|
*/
|
2009-12-16 08:45:33 +08:00
|
|
|
constraint = constrained_alloc(zonelist, gfp_mask, nodemask);
|
2007-05-07 05:50:00 +08:00
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
|
|
|
|
switch (constraint) {
|
2006-02-21 10:27:52 +08:00
|
|
|
case CONSTRAINT_MEMORY_POLICY:
|
2009-01-07 06:38:59 +08:00
|
|
|
oom_kill_process(current, gfp_mask, order, 0, NULL,
|
2006-02-21 10:27:52 +08:00
|
|
|
"No available memory (MPOL_BIND)");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case CONSTRAINT_NONE:
|
2009-12-15 09:57:47 +08:00
|
|
|
if (sysctl_panic_on_oom) {
|
2009-12-16 08:47:12 +08:00
|
|
|
dump_header(NULL, gfp_mask, order, NULL);
|
2006-06-23 17:03:13 +08:00
|
|
|
panic("out of memory. panic_on_oom is selected\n");
|
2009-12-15 09:57:47 +08:00
|
|
|
}
|
2007-10-17 14:25:56 +08:00
|
|
|
/* Fall-through */
|
|
|
|
case CONSTRAINT_CPUSET:
|
2009-01-07 06:38:59 +08:00
|
|
|
__out_of_memory(gfp_mask, order);
|
2006-02-21 10:27:52 +08:00
|
|
|
break;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-02 18:54:28 +08:00
|
|
|
read_unlock(&tasklist_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Give "p" a good chance of killing itself before we
|
2006-01-08 17:01:05 +08:00
|
|
|
* retry to allocate memory unless "p" is current
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2006-01-08 17:01:05 +08:00
|
|
|
if (!test_thread_flag(TIF_MEMDIE))
|
2006-03-02 18:54:28 +08:00
|
|
|
schedule_timeout_uninterruptible(1);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|